root / doc / design-ssh-ports.rst @ 333bd799
History | View | Annotate | Download (2.1 kB)
| 1 | 3ff2cf55 | Petr Pudlak | ================================================ |
|---|---|---|---|
| 2 | 3ff2cf55 | Petr Pudlak | Design for supporting custom SSH ports for nodes |
| 3 | 3ff2cf55 | Petr Pudlak | ================================================ |
| 4 | 3ff2cf55 | Petr Pudlak | |
| 5 | 3ff2cf55 | Petr Pudlak | .. contents:: :depth: 4 |
| 6 | 3ff2cf55 | Petr Pudlak | |
| 7 | 3ff2cf55 | Petr Pudlak | This design document describes the intention of supporting running SSH servers |
| 8 | 3ff2cf55 | Petr Pudlak | on nodes with non-standard port numbers. |
| 9 | 3ff2cf55 | Petr Pudlak | |
| 10 | 3ff2cf55 | Petr Pudlak | |
| 11 | 3ff2cf55 | Petr Pudlak | Current state and shortcomings |
| 12 | 3ff2cf55 | Petr Pudlak | ============================== |
| 13 | 3ff2cf55 | Petr Pudlak | |
| 14 | 3ff2cf55 | Petr Pudlak | All SSH deamons are expected to be running on the default port 22. It has been |
| 15 | 3ff2cf55 | Petr Pudlak | requested by Ganeti users (`Issue 235`_) to allow SSH daemons run on |
| 16 | 3ff2cf55 | Petr Pudlak | non-standard ports as well. |
| 17 | 3ff2cf55 | Petr Pudlak | |
| 18 | 3ff2cf55 | Petr Pudlak | .. _`Issue 235`: https://code.google.com/p/ganeti/issues/detail?id=235 |
| 19 | 3ff2cf55 | Petr Pudlak | |
| 20 | 3ff2cf55 | Petr Pudlak | |
| 21 | 3ff2cf55 | Petr Pudlak | Proposed Changes |
| 22 | 3ff2cf55 | Petr Pudlak | ================ |
| 23 | 3ff2cf55 | Petr Pudlak | |
| 24 | 3ff2cf55 | Petr Pudlak | Allow users to configure groups with custom SSH ports. All nodes in such a |
| 25 | 3ff2cf55 | Petr Pudlak | group will then be using its configured SSH port. |
| 26 | 3ff2cf55 | Petr Pudlak | |
| 27 | 3ff2cf55 | Petr Pudlak | The configuration will be on the group level only as we expect all nodes in a group |
| 28 | 3ff2cf55 | Petr Pudlak | to have identical configurations. |
| 29 | 3ff2cf55 | Petr Pudlak | |
| 30 | 3ff2cf55 | Petr Pudlak | Users will be responsible for configuring the SSH daemons on machines before |
| 31 | 3ff2cf55 | Petr Pudlak | adding them as nodes to a group with a non-standard port number, or when |
| 32 | 3ff2cf55 | Petr Pudlak | modifying the port number of an existing group. Ganeti will not update SSH |
| 33 | 3ff2cf55 | Petr Pudlak | configuration by itself. |
| 34 | 3ff2cf55 | Petr Pudlak | |
| 35 | 3ff2cf55 | Petr Pudlak | |
| 36 | 3ff2cf55 | Petr Pudlak | Implementation Details |
| 37 | 3ff2cf55 | Petr Pudlak | ====================== |
| 38 | 3ff2cf55 | Petr Pudlak | |
| 39 | 3ff2cf55 | Petr Pudlak | We must ensure that all operations that use SSH will use custom ports as configured. This includes: |
| 40 | 3ff2cf55 | Petr Pudlak | |
| 41 | 3ff2cf55 | Petr Pudlak | - gnt-cluster verify |
| 42 | 3ff2cf55 | Petr Pudlak | - gnt-cluster renew-crypto |
| 43 | 3ff2cf55 | Petr Pudlak | - gnt-cluster upgrade |
| 44 | 3ff2cf55 | Petr Pudlak | - gnt-node add |
| 45 | 3ff2cf55 | Petr Pudlak | - gnt-instance console |
| 46 | 3ff2cf55 | Petr Pudlak | |
| 47 | 3ff2cf55 | Petr Pudlak | Configuration Changes |
| 48 | 3ff2cf55 | Petr Pudlak | ~~~~~~~~~~~~~~~~~~~~~ |
| 49 | 3ff2cf55 | Petr Pudlak | |
| 50 | 3ff2cf55 | Petr Pudlak | The node group *ndparams* will get an additional integer valued parameter *ssh_port*. |
| 51 | 3ff2cf55 | Petr Pudlak | |
| 52 | 3ff2cf55 | Petr Pudlak | Upgrades/downgrades |
| 53 | 3ff2cf55 | Petr Pudlak | ~~~~~~~~~~~~~~~~~~~ |
| 54 | 3ff2cf55 | Petr Pudlak | |
| 55 | 3ff2cf55 | Petr Pudlak | To/from version 2.10 |
| 56 | 3ff2cf55 | Petr Pudlak | -------------------- |
| 57 | 3ff2cf55 | Petr Pudlak | |
| 58 | 3ff2cf55 | Petr Pudlak | During upgrade from 2.10, the default value 22 will be supplemented. |
| 59 | 3ff2cf55 | Petr Pudlak | |
| 60 | 3ff2cf55 | Petr Pudlak | During downgrade to 2.10 the downgrading script will check that there are no |
| 61 | 3ff2cf55 | Petr Pudlak | configured ports other than 22 (because this would result in a broken cluster) |
| 62 | 3ff2cf55 | Petr Pudlak | and then will remove the corresponding key/value pairs from the configuration. |
| 63 | 3ff2cf55 | Petr Pudlak | |
| 64 | 3ff2cf55 | Petr Pudlak | Future versions |
| 65 | 3ff2cf55 | Petr Pudlak | --------------- |
| 66 | 3ff2cf55 | Petr Pudlak | |
| 67 | 3ff2cf55 | Petr Pudlak | For future versions the up/downgrade operation will need to know the configured |
| 68 | 3ff2cf55 | Petr Pudlak | SSH ports. Because all daemons are stopped during the process, it will be |
| 69 | 3ff2cf55 | Petr Pudlak | necessary to include SSH ports in *ssconf*. |